CVE-2004-1161

2005-01-1005:00:00

mitre

web.nvd.nist.gov

rssh

cve-2004-1161

authentication bypass

access restrictions

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.02

Percentile

88.9%

JSON

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

Affected configurations

Nvd

Node

rsshrsshMatch2.0

rsshrsshMatch2.1

rsshrsshMatch2.2

rsshrsshMatch2.2.1

rsshrsshMatch2.2.2

Node

gentoolinux

VendorProductVersionCPE
rsshrssh2.0cpe:2.3:a:rssh:rssh:2.0:*:*:*:*:*:*:*
rsshrssh2.1cpe:2.3:a:rssh:rssh:2.1:*:*:*:*:*:*:*
rsshrssh2.2cpe:2.3:a:rssh:rssh:2.2:*:*:*:*:*:*:*
rsshrssh2.2.1cpe:2.3:a:rssh:rssh:2.2.1:*:*:*:*:*:*:*
rsshrssh2.2.2cpe:2.3:a:rssh:rssh:2.2.2:*:*:*:*:*:*:*
gentoolinux*cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rssh	rssh	2.0	cpe:2.3:a:rssh:rssh:2.0:::::::*
rssh	rssh	2.1	cpe:2.3:a:rssh:rssh:2.1:::::::*
rssh	rssh	2.2	cpe:2.3:a:rssh:rssh:2.2:::::::*
rssh	rssh	2.2.1	cpe:2.3:a:rssh:rssh:2.2.1:::::::*
rssh	rssh	2.2.2	cpe:2.3:a:rssh:rssh:2.2.2:::::::*
gentoo	linux	*	cpe:2.3:o:gentoo:linux::::::::